undefined | Better HN

0 pointskachapopopow2mo ago0 comments

I guess it makes sense - as for persistence I guess no point in having any if you can just compromise the target again.

0 comments

>persistence I guess no point in having any

The most obvious reason would be the fear of patching a vulnerability which the attacker used to gain initial access. Persistence is required.

ronsor2mo ago

Many servers and systems are rarely rebooted, and many campaigns are not that long term. There may not be a reason to compromise the target again.

For example, a ransomware gang may compromise a company's network, steal data, deploy the cryptolocker, and then get out. There's no need to have persistent access; they got what they wanted.

kachapopopowOP2mo ago

I know that very well considering I have servers that have 5 years of uptime, but generally the environment isn't the same as it was with cloud services living less than a few hours (or even seconds for functional endpoints) this becomes a problem.

my first thoughts is that this is actually a vector against people rather than servers which do reboot daily.

j / k navigate · click thread line to collapse